CVE-2023-4606
An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...
PT-2023-29822 · Xcc · Xcc
Name of the Vulnerable Software and Affected Versions: XCC affected versions not specified Description: The issue allows an authenticated XCC user to change permissions for any user through a crafted API command. Recommendations: At the moment, there is no information about a newer version that...
CVE-2023-38902
A command injection vulnerability in RG-EW series home routers and repeaters v.EW3.01B11P219, RG-NBS and RG-S1930 series switches v.SWITCH3.01B11P219, RG-EG series business VPN routers v.EG3.01B11P219, EAP and RAP series wireless access points v.AP3.01B11P219, and NBC series wireless controllers...
CVE-2023-34343
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering...
"pb_op_longer_hb for critical process NSPPE-00 (1285) 150 secs" related log explanation
ns.log: Mar 9 22:29:11 gash-vpx-uat2 nssync: NSSYNC: SYNC started.... Mar 9 22:29:11 10.168.253.225 03/09/2023:14:29:11 GMT gash-vpx-uat2 0-PPE-0 : default EVENT STATECHANGE 4713434 0 : Device "self node 10.168.253.225" - State "SYNC start " Mar 9 22:29:12 gash-vpx-uat2 nssync: Send HA File sync ...
CVE-2022-20791
A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote...
CVE-2021-40423
A denial of service vulnerability exists in the cgiserver.cgi API command parser functionality of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted series of HTTP requests can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...
Reolink RLC-410W cgiserver.cgi command parser denial of service vulnerability
Summary: A denial of service vulnerability exists in the cgiserver.cgi API command parser functionality of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted series of HTTP requests can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested...
CVE-2019-17361
In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host...
CVE-2017-18442
cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246)...
Command injection
Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password used when the TV is acting as an access point by using the Photo Sharing Plus application to execute a backdoor API command, a different vulnerability than CVE-2019-10886...
CVE-2019-11336
Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password used when the TV is acting as an access point by using the Photo Sharing Plus application to execute a backdoor API command, a different vulnerability than CVE-2019-10886...
CVE-2017-1000451
fs-git is a file-system-like API for git repositories. The fs-git version 1.0.1 module relies on child_process.exec; however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec...
Circle with Disney configure.xml Notifications Command Injection Vulnerability (CVE-2017-2917)
Summary: An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions: Circle with Disney 2.0...
Circle with Disney Firmware Update Signature Check Bypass Vulnerability (CVE-2017-2898)
Summary: An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code execution. An attacker can send a series...
Circle with Disney Configuration Restore Photos File Overwrite Vulnerability (CVE-2017-2916)
Summary: An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions: Circ...
Circle with Disney WiFi Restart SSID Parsing Command Injection Vulnerability
Summary: An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and set up an access point...
Path traversal
Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414...